Lucene search
K

216683 matches found

Tenable Nessus
Tenable Nessus
added 2026/03/19 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-25936

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perfom a SQL injectio...

8.8CVSS5.9AI score0.00339EPSS
Exploits0References2
CVE
CVE
added 2026/03/19 12:0 a.m.10 views

CVE-2026-30711

CVE-2026-30711 affects Devome GRR v4.5.0 and describes multiple authenticated SQL injection vulnerabilities in include/session.inc.php exploitable via the referer and user-agent. The NVD entry assigns CVSS v3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H with base score 8.8 (HIGH), indicating high impac...

8.8CVSS5.8AI score0.00259EPSS
Exploits0References2
NVD
NVD
added 2026/03/18 10:16 p.m.3 views

CVE-2026-32698

OpenProject is an open-source, web-based project management software. Versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1 are vulnerable to an SQL injection attack via a custom field's name. When that custom field was used in a Cost Report, the custom field's name was injected into the SQL query...

9.1CVSS0.00269EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/18 9:1 p.m.2 views

CVE-2026-32698

OpenProject is an open-source, web-based project management software. Versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1 are vulnerable to an SQL injection attack via a custom field's name. When that custom field was used in a Cost Report, the custom field's name was injected into the SQL query...

9.1CVSS6.1AI score0.00269EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/18 9:1 p.m.5 views

CVE-2026-32698 OpenProject has a SQL Injection via Custom Field Name that can be chained to Remote Code Execution

OpenProject is an open-source, web-based project management software. Versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1 are vulnerable to an SQL injection attack via a custom field's name. When that custom field was used in a Cost Report, the custom field's name was injected into the SQL query...

9.1CVSS6.1AI score0.00269EPSS
Exploits0References1
CVE
CVE
added 2026/03/18 9:1 p.m.18 views

CVE-2026-32698

OpenProject contains a SQL injection via a custom field name in Cost Reports in versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1. The injected field name can be processed by the SQL query, enabling arbitrary SQL execution. The issue is compounded by another bug in the Repositories_module that...

9.1CVSS6.1AI score0.00269EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/18 9:1 p.m.3 views

EUVD-2026-12966

OpenProject is an open-source, web-based project management software. Versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1 are vulnerable to an SQL injection attack via a custom field's name. When that custom field was used in a Cost Report, the custom field's name was injected into the SQL query...

9.1CVSS6.1AI score0.00269EPSS
Exploits0References1
OSV
OSV
added 2026/03/18 9:1 p.m.5 views

CVE-2026-32698 OpenProject has a SQL Injection via Custom Field Name that can be chained to Remote Code Execution

OpenProject is an open-source, web-based project management software. Versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1 are vulnerable to an SQL injection attack via a custom field's name. When that custom field was used in a Cost Report, the custom field's name was injected into the SQL query...

9.1CVSS6.2AI score0.00269EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/18 8:37 p.m.3 views

CVE-2026-32321

ClipBucket v5 is an open source video sharing platform. An authenticated time-based blind SQL injection vulnerability exists in ClipBucket prior to 5.5.3 80 within the actions/ajax.php endpoint. Due to insufficient input sanitization of the userid parameter, an authenticated attacker can execute...

8.8CVSS6.1AI score0.00432EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/18 6:52 p.m.3 views

SQL Injection

Overview Glances is an A cross-platform curses-based monitoring tool Affected versions of this package are vulnerable to SQL Injection via the construction of SQL statements in the glancesduckdb. An attacker can execute arbitrary SQL commands or manipulate the database schema by supplying crafted...

9.1CVSS6.2AI score0.00325EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/03/18 6:16 p.m.4 views

CVE-2026-32611

Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...

9.1CVSS5.9AI score0.00325EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/18 5:21 p.m.22 views

CVE-2026-32611 Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements

Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...

7CVSS0.00325EPSS
Exploits1References3
CVE
CVE
added 2026/03/18 5:21 p.m.27 views

CVE-2026-32611

CVE-2026-32611 describes a SQL injection in Glances’ DuckDB export module. The vulnerability arises because table/column names in DDL statements are interpolated from monitoring data via f-strings, while DuckDB INSERT values already use parameterized queries. The GHSA-x46r fix addressed Timescale...

9.1CVSS5.8AI score0.00325EPSS
Exploits1References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/03/18 5:21 p.m.1 views

CVE-2026-32611

Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...

9.1CVSS5.8AI score0.00325EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/18 5:21 p.m.2 views

CVE-2026-32611 Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements

Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...

7CVSS5.8AI score0.00325EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/18 5:21 p.m.3 views

CVE-2026-32611

Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...

7CVSS5.8AI score0.00325EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2026/03/18 4:34 p.m.1 views

SQL Injection

Overview @oneuptime/common is a The OneUptime Common UI Library is a collection of shared components, utilities that are used across the OneUptime platform. It is designed to be easy to install and use, and to be extensible. This library is built with React and TypeScript. It includes c Affected...

8.6CVSS6AI score0.00301EPSS
Exploits0References2
OSV
OSV
added 2026/03/18 4:34 p.m.2 views

GHSA-GCG3-C5P2-CQGG OneUptime ClickHouse vulnerable to SQL Injection via unvalidated column identifiers in sort, select, and groupBy parameters

The fix for GHSA-p5g2-jm85-8g35 ClickHouse SQL injection via aggregate query parameters added column name validation to the aggregateBy method but did not apply the same validation to three other query construction paths in StatementGenerator. The toSortStatement, toSelectStatement, and...

8.1CVSS5.9AI score0.00301EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/03/18 4:16 p.m.131 views

web-app-security-project

🛡️ Web Application Security Project 📌 Overview This projec...

5.9AI score
Exploits0
NVD
NVD
added 2026/03/18 4:16 p.m.5 views

CVE-2025-67829

Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection...

9.8CVSS0.0026EPSS
Exploits0References1
Rows per page
Query Builder